4 Copyright (C) Andrew Tridgell 2004-2005
5 Copyright (C) Simo Sorce 2005
7 ** NOTE! The following LGPL license applies to the ldb
8 ** library. This does NOT imply that all of Samba is released
11 This library is free software; you can redistribute it and/or
12 modify it under the terms of the GNU Lesser General Public
13 License as published by the Free Software Foundation; either
14 version 3 of the License, or (at your option) any later version.
16 This library is distributed in the hope that it will be useful,
17 but WITHOUT ANY WARRANTY; without even the implied warranty of
18 MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
19 Lesser General Public License for more details.
21 You should have received a copy of the GNU Lesser General Public
22 License along with this library; if not, see <http://www.gnu.org/licenses/>.
28 * Component: ldb expression matching
30 * Description: ldb expression matching
32 * Author: Andrew Tridgell
35 #include "ldb_private.h"
38 check if the scope matches in a search result
40 static int ldb_match_scope(struct ldb_context *ldb,
47 if (base == NULL || dn == NULL) {
53 if (ldb_dn_compare(base, dn) == 0) {
58 case LDB_SCOPE_ONELEVEL:
59 if (ldb_dn_get_comp_num(dn) == (ldb_dn_get_comp_num(base) + 1)) {
60 if (ldb_dn_compare_base(base, dn) == 0) {
66 case LDB_SCOPE_SUBTREE:
68 if (ldb_dn_compare_base(base, dn) == 0) {
79 match if node is present
81 static int ldb_match_present(struct ldb_context *ldb,
82 const struct ldb_message *msg,
83 const struct ldb_parse_tree *tree,
84 enum ldb_scope scope, bool *matched)
86 const struct ldb_schema_attribute *a;
87 struct ldb_message_element *el;
89 if (ldb_attr_dn(tree->u.present.attr) == 0) {
94 el = ldb_msg_find_element(msg, tree->u.present.attr);
100 a = ldb_schema_attribute_by_name(ldb, el->name);
102 return LDB_ERR_INVALID_ATTRIBUTE_SYNTAX;
105 if (a->syntax->operator_fn) {
107 for (i = 0; i < el->num_values; i++) {
108 int ret = a->syntax->operator_fn(ldb, LDB_OP_PRESENT, a, &el->values[i], NULL, matched);
109 if (ret != LDB_SUCCESS) return ret;
110 if (*matched) return LDB_SUCCESS;
120 static int ldb_match_comparison(struct ldb_context *ldb,
121 const struct ldb_message *msg,
122 const struct ldb_parse_tree *tree,
123 enum ldb_scope scope,
124 enum ldb_parse_op comp_op, bool *matched)
127 struct ldb_message_element *el;
128 const struct ldb_schema_attribute *a;
130 /* FIXME: APPROX comparison not handled yet */
131 if (comp_op == LDB_OP_APPROX) {
132 return LDB_ERR_INAPPROPRIATE_MATCHING;
135 el = ldb_msg_find_element(msg, tree->u.comparison.attr);
141 a = ldb_schema_attribute_by_name(ldb, el->name);
143 return LDB_ERR_INVALID_ATTRIBUTE_SYNTAX;
146 for (i = 0; i < el->num_values; i++) {
147 if (a->syntax->operator_fn) {
149 ret = a->syntax->operator_fn(ldb, comp_op, a, &el->values[i], &tree->u.comparison.value, matched);
150 if (ret != LDB_SUCCESS) return ret;
151 if (*matched) return LDB_SUCCESS;
153 int ret = a->syntax->comparison_fn(ldb, ldb, &el->values[i], &tree->u.comparison.value);
159 if (ret > 0 && comp_op == LDB_OP_GREATER) {
163 if (ret < 0 && comp_op == LDB_OP_LESS) {
175 match a simple leaf node
177 static int ldb_match_equality(struct ldb_context *ldb,
178 const struct ldb_message *msg,
179 const struct ldb_parse_tree *tree,
180 enum ldb_scope scope,
184 struct ldb_message_element *el;
185 const struct ldb_schema_attribute *a;
186 struct ldb_dn *valuedn;
189 if (ldb_attr_dn(tree->u.equality.attr) == 0) {
190 valuedn = ldb_dn_from_ldb_val(ldb, ldb, &tree->u.equality.value);
191 if (valuedn == NULL) {
192 return LDB_ERR_INVALID_DN_SYNTAX;
195 ret = ldb_dn_compare(msg->dn, valuedn);
197 talloc_free(valuedn);
199 *matched = (ret == 0);
203 /* TODO: handle the "*" case derived from an extended search
204 operation without the attibute type defined */
205 el = ldb_msg_find_element(msg, tree->u.equality.attr);
211 a = ldb_schema_attribute_by_name(ldb, el->name);
213 return LDB_ERR_INVALID_ATTRIBUTE_SYNTAX;
216 for (i=0;i<el->num_values;i++) {
217 if (a->syntax->operator_fn) {
218 ret = a->syntax->operator_fn(ldb, LDB_OP_EQUALITY, a,
219 &tree->u.equality.value, &el->values[i], matched);
220 if (ret != LDB_SUCCESS) return ret;
221 if (*matched) return LDB_SUCCESS;
223 if (a->syntax->comparison_fn(ldb, ldb, &tree->u.equality.value,
224 &el->values[i]) == 0) {
235 static int ldb_wildcard_compare(struct ldb_context *ldb,
236 const struct ldb_parse_tree *tree,
237 const struct ldb_val value, bool *matched)
239 const struct ldb_schema_attribute *a;
242 struct ldb_val *chunk;
244 uint8_t *save_p = NULL;
247 a = ldb_schema_attribute_by_name(ldb, tree->u.substring.attr);
249 return LDB_ERR_INVALID_ATTRIBUTE_SYNTAX;
252 if (a->syntax->canonicalise_fn(ldb, ldb, &value, &val) != 0) {
253 return LDB_ERR_INVALID_ATTRIBUTE_SYNTAX;
259 if ( ! tree->u.substring.start_with_wildcard ) {
261 chunk = tree->u.substring.chunks[c];
262 if (a->syntax->canonicalise_fn(ldb, ldb, chunk, &cnk) != 0) goto mismatch;
264 /* This deals with wildcard prefix searches on binary attributes (eg objectGUID) */
265 if (cnk.length > val.length) {
268 if (memcmp((char *)val.data, (char *)cnk.data, cnk.length) != 0) goto mismatch;
269 val.length -= cnk.length;
270 val.data += cnk.length;
272 talloc_free(cnk.data);
276 while (tree->u.substring.chunks[c]) {
278 chunk = tree->u.substring.chunks[c];
279 if(a->syntax->canonicalise_fn(ldb, ldb, chunk, &cnk) != 0) goto mismatch;
281 /* FIXME: case of embedded nulls */
282 p = strstr((char *)val.data, (char *)cnk.data);
283 if (p == NULL) goto mismatch;
284 if ( (! tree->u.substring.chunks[c + 1]) && (! tree->u.substring.end_with_wildcard) ) {
286 g = strstr((char *)p + cnk.length, (char *)cnk.data);
290 val.length = val.length - (p - (char *)(val.data)) - cnk.length;
291 val.data = (uint8_t *)(p + cnk.length);
293 talloc_free(cnk.data);
297 /* last chunk may not have reached end of string */
298 if ( (! tree->u.substring.end_with_wildcard) && (*(val.data) != 0) ) goto mismatch;
306 talloc_free(cnk.data);
311 match a simple leaf node
313 static int ldb_match_substring(struct ldb_context *ldb,
314 const struct ldb_message *msg,
315 const struct ldb_parse_tree *tree,
316 enum ldb_scope scope, bool *matched)
319 struct ldb_message_element *el;
321 el = ldb_msg_find_element(msg, tree->u.substring.attr);
327 for (i = 0; i < el->num_values; i++) {
329 ret = ldb_wildcard_compare(ldb, tree, el->values[i], matched);
330 if (ret != LDB_SUCCESS) return ret;
331 if (*matched) return LDB_SUCCESS;
340 bitwise-and comparator
342 static int ldb_comparator_bitmask(const char *oid, const struct ldb_val *v1, const struct ldb_val *v2,
349 if (v1->length >= sizeof(ibuf)-1) {
350 return LDB_ERR_INVALID_ATTRIBUTE_SYNTAX;
352 memcpy(ibuf, (char *)v1->data, v1->length);
353 ibuf[v1->length] = 0;
354 i1 = strtoull(ibuf, &endptr, 0);
355 if (endptr != NULL) {
356 if (endptr == ibuf || *endptr != 0) {
357 return LDB_ERR_INVALID_ATTRIBUTE_SYNTAX;
361 if (v2->length >= sizeof(ibuf)-1) {
362 return LDB_ERR_INVALID_ATTRIBUTE_SYNTAX;
365 memcpy(ibuf, (char *)v2->data, v2->length);
366 ibuf[v2->length] = 0;
367 i2 = strtoull(ibuf, &endptr, 0);
368 if (endptr != NULL) {
369 if (endptr == ibuf || *endptr != 0) {
370 return LDB_ERR_INVALID_ATTRIBUTE_SYNTAX;
373 if (strcmp(LDB_OID_COMPARATOR_AND, oid) == 0) {
374 *matched = ((i1 & i2) == i2);
375 } else if (strcmp(LDB_OID_COMPARATOR_OR, oid) == 0) {
376 *matched = ((i1 & i2) != 0);
378 return LDB_ERR_INAPPROPRIATE_MATCHING;
385 extended match, handles things like bitops
387 static int ldb_match_extended(struct ldb_context *ldb,
388 const struct ldb_message *msg,
389 const struct ldb_parse_tree *tree,
390 enum ldb_scope scope, bool *matched)
395 int (*comparator)(const char *, const struct ldb_val *, const struct ldb_val *, bool *);
397 { LDB_OID_COMPARATOR_AND, ldb_comparator_bitmask},
398 { LDB_OID_COMPARATOR_OR, ldb_comparator_bitmask}
400 int (*comp)(const char *,const struct ldb_val *, const struct ldb_val *, bool *) = NULL;
401 struct ldb_message_element *el;
403 if (tree->u.extended.dnAttributes) {
404 /* FIXME: We really need to find out what this ":dn" part in
405 * an extended match means and how to handle it. For now print
406 * only a warning to have s3 winbind and other tools working
407 * against us. - Matthias */
408 ldb_debug(ldb, LDB_DEBUG_WARNING, "ldb: dnAttributes extended match not supported yet");
410 if (tree->u.extended.rule_id == NULL) {
411 ldb_debug(ldb, LDB_DEBUG_ERROR, "ldb: no-rule extended matches not supported yet");
412 return LDB_ERR_INAPPROPRIATE_MATCHING;
414 if (tree->u.extended.attr == NULL) {
415 ldb_debug(ldb, LDB_DEBUG_ERROR, "ldb: no-attribute extended matches not supported yet");
416 return LDB_ERR_INAPPROPRIATE_MATCHING;
419 for (i=0;i<ARRAY_SIZE(rules);i++) {
420 if (strcmp(rules[i].oid, tree->u.extended.rule_id) == 0) {
421 comp = rules[i].comparator;
426 ldb_debug(ldb, LDB_DEBUG_ERROR, "ldb: unknown extended rule_id %s",
427 tree->u.extended.rule_id);
428 return LDB_ERR_INAPPROPRIATE_MATCHING;
431 /* find the message element */
432 el = ldb_msg_find_element(msg, tree->u.extended.attr);
438 for (i=0;i<el->num_values;i++) {
439 int ret = comp(tree->u.extended.rule_id, &el->values[i], &tree->u.extended.value, matched);
440 if (ret != LDB_SUCCESS) return ret;
441 if (*matched) return LDB_SUCCESS;
449 return 0 if the given parse tree matches the given message. Assumes
450 the message is in sorted order
452 return 1 if it matches, and 0 if it doesn't match
454 this is a recursive function, and does short-circuit evaluation
456 static int ldb_match_message(struct ldb_context *ldb,
457 const struct ldb_message *msg,
458 const struct ldb_parse_tree *tree,
459 enum ldb_scope scope, bool *matched)
466 switch (tree->operation) {
468 for (i=0;i<tree->u.list.num_elements;i++) {
469 ret = ldb_match_message(ldb, msg, tree->u.list.elements[i], scope, matched);
470 if (ret != LDB_SUCCESS) return ret;
471 if (!*matched) return LDB_SUCCESS;
477 for (i=0;i<tree->u.list.num_elements;i++) {
478 ret = ldb_match_message(ldb, msg, tree->u.list.elements[i], scope, matched);
479 if (ret != LDB_SUCCESS) return ret;
480 if (*matched) return LDB_SUCCESS;
486 ret = ldb_match_message(ldb, msg, tree->u.isnot.child, scope, matched);
487 if (ret != LDB_SUCCESS) return ret;
488 *matched = ! *matched;
491 case LDB_OP_EQUALITY:
492 return ldb_match_equality(ldb, msg, tree, scope, matched);
494 case LDB_OP_SUBSTRING:
495 return ldb_match_substring(ldb, msg, tree, scope, matched);
498 return ldb_match_comparison(ldb, msg, tree, scope, LDB_OP_GREATER, matched);
501 return ldb_match_comparison(ldb, msg, tree, scope, LDB_OP_LESS, matched);
504 return ldb_match_present(ldb, msg, tree, scope, matched);
507 return ldb_match_comparison(ldb, msg, tree, scope, LDB_OP_APPROX, matched);
509 case LDB_OP_EXTENDED:
510 return ldb_match_extended(ldb, msg, tree, scope, matched);
513 return LDB_ERR_INAPPROPRIATE_MATCHING;
516 int ldb_match_msg(struct ldb_context *ldb,
517 const struct ldb_message *msg,
518 const struct ldb_parse_tree *tree,
520 enum ldb_scope scope)
525 if ( ! ldb_match_scope(ldb, base, msg->dn, scope) ) {
529 ret = ldb_match_message(ldb, msg, tree, scope, &matched);
530 if (ret != LDB_SUCCESS) {
531 /* to match the old API, we need to consider this a
538 int ldb_match_msg_error(struct ldb_context *ldb,
539 const struct ldb_message *msg,
540 const struct ldb_parse_tree *tree,
542 enum ldb_scope scope,
545 if ( ! ldb_match_scope(ldb, base, msg->dn, scope) ) {
550 return ldb_match_message(ldb, msg, tree, scope, matched);
553 int ldb_match_msg_objectclass(const struct ldb_message *msg,
554 const char *objectclass)
557 struct ldb_message_element *el = ldb_msg_find_element(msg, "objectClass");
561 for (i=0; i < el->num_values; i++) {
562 if (ldb_attr_cmp((const char *)el->values[i].data, objectclass) == 0) {
git.samba.org / samba.git / blob